Palo Alto Founder Nir Zuk on Making the SOC More Autonomous
CTO Nir Zuk Explains How AI Can Help the SOC Investigate Every Security Event
Businesses should capitalize on AI, ML and robotic process automation to address every event rather than just ignoring the ones deemed unimportant by a SIEM.
Palo Alto Networks founder and CTO Nir Zuk says robotic process automation, or SOAR, can automate alert processing, while artificial intelligence can be used to investigate security incidents in real time rather than waiting until after a data breach happens. The eventual goal of SOC automation, he says, should be to use AI to instantly investigate every event, from opening a website to using an AWS S3 bucket (see: Palo Alto CEO: 'SIEM Needs to Be Eliminated and Replaced').
"If you always had the data to figure out what happened after the incident, why didn't you figure out in real time the reason that was happening?" Zuk asked. "And the answer is: Humans cannot investigate 1 million events per second. It's easier to wait for a data breach and then spend two or three weeks investigating the events that are relevant rather than investigating 1 million events per second. But AI can do that."
In this interview with Information Security Media Group during Palo Alto Networks' Ignite '22 in Las Vegas, Zuk also discusses:
- Why EDR is "the most stupid idea" he's ever heard about in security;
- The most common new and emerging use cases for cloud security;
- What makes Cider Security's approach to SCA different from its peers.
Prior to co-founding Palo Alto Networks in 2005, Zuk was CTO at NetScreen Technologies, which was acquired by Juniper Networks in 2004. He was previously co-founder and CTO at OneSecure, a pioneer in intrusion prevention and detection appliances. Zuk was also a principal engineer at Check Point Software Technologies and was one of the developers of stateful inspection technology.